Richard Bejtlich's blog on digital security, strategic thought, and military history.

Saturday, September 23, 2006

Throughput Testing Through a Bridge

In my earlier posts I've discussed throughput testing. Now I'm going to introduce an inline system as a bridge. You could imagine that this system might be a firewall, or run Snort in inline mode. For the purposes of this post, however, we're just going to see what effect the bridge has on throughput between a client and server.

This is the new system. It's called cel600, and it's running the same GENERIC.POLLING kernel mentioned earlier.

It's not really feasible to make any solid assumptions based on these tests. They're basically meant to give you a ballpark feel for the capabilities of a given architecture, but you need to repeat them multiple times to get some confidence in the results.

If you want built-in repeatability and confidence testing, try Netperf.

With these results, however, I have some idea of what I can expect from this particular hardware setup, namely a bridge between a client sending data to a server.

TCP over fiber: about 104 Mbps

UDP over fiber: about 276 Mbps

TCP over copper: about 128 Mbps

UDP over copper: about 209 Mbps

Rounding down, and acting conservatively, I would feel this setup could handle somewhere around 100 Mbps (aggregated) over fiber and around 125 Mbps over copper. Note this says nothing about any software running on the bridge and its ability to do whatever function it is designed to perform. This is just a throughput estimate.
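The "repeat the test, then round down" reasoning above, as an added example that is not code from the original post: it takes constructed repeated runs centred on the four figures reported here, computes a 95% confidence interval per path, and turns the lower bound into a conservative planning figure. The run values, the t-table and the 25 Mbps rounding step are assumptions, not measurements from the post.

```python
import math
import statistics
from typing import Dict, List, Tuple

# Constructed sample data (not measurements from the post): five repeated runs,
# in Mbps, for each path through the inline bridge. Each series is centred on the
# single figure the post reports (104 / 276 / 128 / 209 Mbps).
BRIDGED_RUNS: Dict[str, List[float]] = {
    "tcp_fiber":  [104.0, 101.5, 106.2, 103.1, 105.0],
    "udp_fiber":  [276.0, 270.4, 281.3, 274.9, 277.2],
    "tcp_copper": [128.0, 124.7, 130.1, 127.3, 129.4],
    "udp_copper": [209.0, 204.2, 212.8, 207.5, 210.6],
}

# Two-sided 95% Student t critical values, indexed by degrees of freedom (n - 1).
# Covers 2 to 10 repeated runs, which is the range these ad hoc tests usually see.
T95 = {1: 12.706, 2: 4.303, 3: 3.182, 4: 2.776, 5: 2.571,
       6: 2.447, 7: 2.365, 8: 2.306, 9: 2.262}


def summarize(runs: List[float]) -> Tuple[float, float, float]:
    """Return (mean, 95% CI half-width, lower CI bound) for repeated runs."""
    n = len(runs)
    if n - 1 not in T95:
        raise ValueError("need between 2 and 10 runs to estimate the spread")
    mean = statistics.fmean(runs)
    sd = statistics.stdev(runs)          # sample standard deviation
    half = T95[n - 1] * sd / math.sqrt(n)
    return mean, half, mean - half


def planning_figure(runs: List[float], step: float = 25.0) -> float:
    """Conservative capacity figure: the lower CI bound rounded DOWN to a
    multiple of `step` Mbps, mirroring "rounding down, and acting conservatively"."""
    _, _, lower = summarize(runs)
    return math.floor(lower / step) * step


def report(results: Dict[str, List[float]]) -> Dict[str, float]:
    """Planning figure for every measured path (protocol x medium)."""
    return {path: planning_figure(runs) for path, runs in results.items()}


if __name__ == "__main__":
    for path, runs in BRIDGED_RUNS.items():
        mean, half, _ = summarize(runs)
        print(f"{path:11s} mean {mean:6.1f} +/- {half:4.1f} Mbps"
              f"  -> plan for {planning_figure(runs):.0f} Mbps")
```

With the constructed runs the TCP paths come out at 100 Mbps over fiber and 125 Mbps over copper, the same figures the post arrives at by eye; a wider spread between runs pushes the planning figure down, which is the point of repeating the test.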

In my next related posts I'll introduce bypass switches and see how they influence this process.

I'll also rework the configuration into straight-through, bridged, and switched modes to test latency using ping.

3 comments:

I tried to send traffic as fast as possible with straight through GIG copper from an OpenBSD box to a Linux box, the fastest I could send was 350Mb.

Just like you have mentioned, your hardware is the main bottleneck, and this was a horribly configured install on a Dual Xeon box. I am going to try to set up a FreeBSD box and see if I can do the configuration (as was told to me), with a ramdrive and get gig speed :-)

Hi Richard. I'm reading your book "The TAO of Network Security Monitoring"; it's an excellent book, it opened my mind about monitoring. Now I'm in chapter 9, I'll give you my comments when I finish the whole book. I have 2 questions about this blog... First, I use FreeBSD firewalls with IPFW (not in bridge). Do you recommend the use of "polling" on all the interfaces (inside, outside, DMZ)? Second, is it a good idea to add another NIC to this firewall and use it to capture all data like you say in your book? I also run squid to cache content and some rules.